Title: CORS Header not set correctly
Last modified: October 14, 2020

---

# CORS Header not set correctly

 *  [phylu](https://wordpress.org/support/users/phylu/)
 * (@phylu)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/cors-header-not-set-correctly/)
 * The following situation: My wordpress site is located as [https://example.com](https://example.com)
 * I am trying to set the Access-Control-Allow-Origin header of my page to [https://example.com](https://example.com)
   in order to block all external requests to its API.
 * However, this does not seem to have any effect. I can still see the default behaviour
   as described in the code here: [https://developer.wordpress.org/reference/functions/rest_send_cors_headers/](https://developer.wordpress.org/reference/functions/rest_send_cors_headers/)
 * So basically if an Origin header is set, the Access-Control-Allow-Origin will
   just replay the Origin header instead of the value that I have configured. I 
   have no idea how to resolve this. Any help is highly appreciated.
 * Best regards
    Phylu

The topic ‘CORS Header not set correctly’ is closed to new replies.

 * ![](https://ps.w.org/http-headers/assets/icon-128x128.png?rev=1413576)
 * [HTTP Headers](https://wordpress.org/plugins/http-headers/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/http-headers/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/http-headers/)
 * [Active Topics](https://wordpress.org/support/plugin/http-headers/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/http-headers/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/http-headers/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [phylu](https://wordpress.org/support/users/phylu/)
 * Last activity: [5 years, 7 months ago](https://wordpress.org/support/topic/cors-header-not-set-correctly/)
 * Status: not resolved